SUBSCRIBE VIA RSS


Subscribe to our feed

Symfony Experts

Symfony Experts
If you have an urgent question for a symfony-related issue, this is the place to ask.

Topics

Stack Overflow


The old fashioned way

RECENT TUNES

November 13, 2008 – 3:58pm Gmail Spam from ui-mall.com — Don’t fall for it!

A friend’s gmail password was either cracked or stolen somehow and his account started sending out mass messages to his contacts. The message contains the following:

Hey friend,

How are you doing recently? I’d like to introduce you a very good foreign trading online company and the website is www.ui-mall.com

It can offer you so many kinds of electronic products which you may be in need,such as laptops, gps, TV, cell phones, ps, MP3/4, motorcycles even several kinds of musical instruments and etc..

You can take some time to have a check ,there must be something you are interested in and you ‘d like to purchase .

The contacts:
MSN: uimall@hotmail.com
Email: uimall@188.com

Hoping you can enjoy your shopping from that company !

Regards

I googled this and couldn’t find any other posts about it. Looking at the headers it appears these messages aren’t just spoofing the “from:” header, but are actually being sent through gmail. The script is also replying blinding to any messages I send to him with the same body copy.

If anyone else sees this happening please post a comment!

Update: This thread mentions to check your gmail Vacation responder settings and clear out any text that may be hidden there.

Update 2: If you need help with changing your password, visit My account has been compromised in the Gmail help center.

Posted by in  Uncategorized   |  

28 Responses to Gmail Spam from ui-mall.com — Don’t fall for it!

  1. Just got the same message from my friend-of-friend…

    Yikes. Did Gmail get hacked?

    And does anyone know if that site is legit? It’s coming from Bejing, so by *legit* I mean ‘actually receive the products’ and are they actually ‘real’ ? (or just knock-offs)

  2. MichaelMinneapolis says:

    Grrr… same thing happened to me. I changed my password and it looks like it stopped.

  3. Hacked in Virginia says:

    +1 happening to me. i changed password and it is still happening! now what?

  4. Hacked in Virginia says:

    ok, it is the vacation responder.

  5. Paul says:

    I changed my password but it still happens!

    How do I stop it!!!

    I am using Thunderbird.

    thanks!
    Paul

  6. Paul says:

    Ok, got it.

    I use a pop-mail client so didn’t get the vacation responder hint given earlier.

    Obvious now–login to my actual gmail account and go to my gmail settings and lo and behold they have hacked the vaction responder, setting it to on and the message there.

    I turned it of, cleaned out the message to be safe, this seemed to turn it back on, so I turned it off again (!) and then saved the page AND changed my password. Sorry if this seems a bit obvious to you, but to me it wasnt.

  7. Britta says:

    I just opened gmail to check my emails and saw that I got lots of delivery status notification (failure) from emails addresses that I did not write to. I checked it out and apparently I send an email 3 hours ago with that body message (Hey friend….). As I realized this was not spoofing I immediately changed my password and checked my settings. In the settings the vacation message had been turned on and changed to send out the spam-message. I really hope I am home safe now with changing pwd and turning vacation message off.
    I’ll check this thread on regular basis to learn more.

    Regards

  8. Lia says:

    The same thing just happened to me today. I definitely have the original sent e-mail in my ‘Sent’ folder, so it originated from my account. I changed my password and security questions, and completely cleared out my contacts list. The spam was sent only to contacts in my Gmail web account, NOT the ones I’ve used since starting to use Mail on Mac OS (thank goodness). So it’s definitely coming only from the Gmail level.

  9. Sean says:

    FYI. I just checked my hotmail account and this happened to me too. This is not just a GMail problem. The exact message was sent and there were two emails in my sent folder. I changed my pwd and checked my vaca msg. Hears hoping it worked.

  10. Hal says:

    There are three things you need to do to insure that it doesn’t happen again.

    1) go to your gmail account settings and choose ‘use https’ for all transactions.
    2) Change your password and never use the same one again (I made that mistake the first time I was hacked)
    3) Clear out your vacation responder and set it to ‘off’.

    I *hate* spammers.

    Hal

  11. Angela says:

    It happened to me too and sent e-mails to customers, exes, people I didn’t even want to know I existed anymore!! What an invastion of privacy!! B@st@rds!!

  12. Matt says:

    Got me too. I changed password and turned off the auto responder. Gmail account.

  13. Scott Meves says:

    Anyone have any idea how these folks might be lifting your passwords? Do you think they were simply guessed using trial and error (did your password have letters and numbers?), or lifted through phishing (logging into a site pretending to be gmail?).

  14. Ben says:

    Got me too! I consider myself to be very careful about my browsing. Is this a bug related to a google lab feature? I’ve felt a little careless recently enabling google products without much checking.

    This sucks, so many spam emails sent out to ex girlfriends, work people, etc. DAMN!

  15. Sooner says:

    I don’t actually think they are stealing your passwords. They are even using email sent to me to get my email address, then they are spoofing it. I didn’t have any “sent” mail for this email. I got it coming and going. I got the return to senders and I also got a spam with a header from an email I received earlier and was expecting to recieve. The stole the header on the way in to my email box. It’s as if they are monitoring email traffic.

  16. Scott Meves says:

    @Sooner: But that doesn’t explain how the message gets put into people’s vacation auto-response…

  17. Pete says:

    If it makes anyone feel better (or worse), this is happening on Hotmail accounts, as well. The message is definitely in the Sent folder, but it’s not showing up in the Vacation Responder. Changed the password, marked the Sent messages as “Unsafe” and reported to Hotmail and now crossing my fingers. And I don’t even use Hotmail for online transactions….

  18. Tropikal says:

    I’m using the Windows Live Mail client for my e-mails and it doing it over here too. It’s sending the same message to everyone one in my contact lists. I’m sure hanging out in these social websites caused it. I’m sure of it. Now going about removing this hack is going to be a mission. I’ll keeping on searching for a possible solution.

  19. Jeff Brandt says:

    Had it happen to me on gmail today. My vacation responder was not set, the email is in my Sent folder for sure. In the meantime I guess I’ll change my password.

  20. Johann says:

    Hey, Just had it happen to me, spammed my contact list, I’m with hotmail, so changed my password, reported it as phishing or something, and looked for vacation text, but nothing there… hoping for the best now…

  21. Jon Williams says:

    Thank you for the heads up!

  22. bill says:

    Since i moved to http://www.corlive.com I get no spam – i really recommend this service.

  23. Ted Thibault says:

    So I’ve been hit too. This is the third “round of emails” sent to folks on my email list. My intention is to spend the rest of my life hunting down virus creators, spammers, et al and eliminate them from the planet. Looking for a few good men and women who feel the same way.

    I sent a notice to http://www.ui-mall.com and asked them to quite but obviously that didn’t work either. I’ll change the password, but if they have captured the email list not sure I can stop this without changing my ID.

  24. Frankie says:

    Just happened to me as well – ironically I was using Google Chrome. Would that be an application trying to mimic human behaviour?

    I just turned the “Mail Goggles” feature in the “Google Labs” on, so as to make sure that it must be a human to send out emails from GMail. Don’t know if it helps though

  25. anynymous says:

    sorry to dissapoint a lot of you’s but this isn’t a problem held directly to gmail… i just received this same email from a friend using hotmail….

  26. Natalie says:

    Just got it too! This sucks!

  27. Angel says:

    It happened to me on yahoo using my “family only” email rather than the one I use for websites so not sure how they got it. I’ve even got AVG on my computer 🙁

  28. Wall Decals For Kids Jason says:

    Oh, hey, thanks for the heads up! This almost got me. Thanks for sharing.